Joint Cybersecurity Advisory – #StopRansomware – Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the FBI, the Department of Health and Human Services (HHS), and Republic of Korea’s Defense Security Agency and National Intelligence Service just released a joint Cybersecurity Advisory (CSA) to warn network defenders of malicious activity targeting U.S. and South Korean Healthcare and Public Health (HPH) Sector organizations as well as other critical infrastructure sectors.  

This advisory highlights tactics, techniques, and procedures (TTPs) and IOCs North Korean cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’ use of cryptocurrency to demand ransoms. The authoring agencies urge network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this joint CSA, which include:

• Train users to recognize and report phishing attempts.
• Enable and enforce phishing-resistant multifactor authentication. 
• Install and regularly update antivirus and antimalware software on all hosts. 

Additionally, review StopRansomware.gov for more guidance on ransomware protection, detection, and response. To report suspicious or criminal activity related to information found in advisory, contact your local FBI field office, or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937, or by e-mail at Cy*****@*bi.gov. If you have any further questions, or to request incident response resources or technical assistance related to these threats, contact CISA at CI*************@******hs.gov. Access the full advisory at CISA.